Unless you are dealing only with machines on your LAN, I don't know of any 
reliable method to obtain the MAC of remote computers...also I believe there is 
an issue with MAC address re-use, so uniqueness isn't guaranteed.  

I doubt you'll find a solution that will work in 100% of the cases you could 
run across, unless you are dealing only with computers on a LAN.

Freundliche Grüße / Best regards,
 
Bill Franklin
Computer Integrated Mfg.


 
Bayer CropScience LP
8400 Hawthorne Road, Room 2447
Kansas City, MO 64120
Tel: +1 816 242 2148
Fax: +1 816 242 2047
E-mail: bill.frank...@bayer.com
Web: http://www.bayercropscience.com


-----Original Message-----
From: Uday Patel [mailto:udayjpatel2...@gmail.com] 
Sent: Wednesday, July 11, 2012 4:41 AM
To: cf-talk
Subject: Re: Force logout a user


> Hi,
> 
> I want to force logout a user if he logs in on another machine. I am 
> using CF9 and session scope to track user logins. What are the 
> possible ways of achieving this?
> 
> Thanks in advance

Hi,

Thank you folks for your responses and suggestions. I spent my weekend playing 
around with this app on my personal network. This is what I did. Maybe this 
helps someone. If you guys have some tips, tricks or suggestions, please let me 
know. 
I appreciate all you folks taking time to read and post messages.

Objective:
User should be able to log in on only one machine. If he tries to log in from 
another machine, his old session should be terminated. I am using CF sessions 
for the purpose of tracking the user.

Solutions provided:
Check user's IP address: This might not work very well. What if the user is 
inside a network, or behind a proxy? I know my ISP in Canada keeps changing the 
IP address on my home network.

As Cameron mentioned, CFID/CFTOKEN, and that this is the single best way to 
determine unique logins, and I agree with this. But what if the user clears his 
cache? In that case his browser will get a new CFID/CFTOKEN from the CF server.

Roadblock:
While I was playing around with this, I started thinking: is there any way that 
we can get some information about the user's machine, like his MAC address (since we 
cannot rely on IP address or CFIDs, coz these might change)? I googled around 
with no luck and then came back to my app. But this is one thing that I will 
explore later on.

What I did:
I already had a logins table in my DB wherein I was making an entry each time a user 
logs in. I added two more columns here: logout_date and logout_by. These 
columns will be updated when a user logs out. He can click on the logout button or 
he will be logged out on session end.
I also created dead_session_array and put this in application scope. Here I 
will keep adding all dead sessions. (I will explain this later.)

Scenario 1: User logs in on machine A. An entry is made in the logins table but 
logout_date and logout_by are empty. (If the user clicks on logout, I update these 
two columns. If the session ends, I have some code in onsessionend in 
application.cfc which will update these two columns. When coding inside 
onsessionend, make sure you read the CF documentation: since onsessionend is a 
self-triggered CF event, only the application and session scopes are available 
inside, via applicationscope and sessionscope.)
Now suppose the user goes to machine B. CF will provide him with a new CFID/CFTOKEN 
(sessionid). When he tries to log in, I will check in the logins table and show him a 
message that this user already has a session open on another machine. Provide 
him with a button (something like 'logout old session and continue logging on 
this machine'). When he clicks on this button, I will update the logout_date and 
logout_by columns in the logins table for this user, and I will take this 
sessionid (of machine A, which I got from the logins table, where I recorded it when he 
logged on machine A) and I will add this sessionid to 
application.dead_session_array. So the user successfully logs in on machine B, and I will 
make a new entry in the logins table with this new login data.
Now when he goes to machine A and tries to do something, I will check if 
application.dead_session_array contains any sessionid. If it does and the 
sessionid matches the sessionid of machine A, I log out this user simply by 
clearing his session scope. There was a good link about session scope by Ben 
Nadel: 
http://www.bennadel.com/blog/1847-Explicitly-Ending-A-ColdFusion-Session.htm 
Clearing the session scope does not mean that the user logs out. It depends how you 
design your application. In my case I simply put userObj in session scope. 
Clearing the session scope will remove userObj from session scope. But people have 
different ideas and different ways of doing this.

Scenario 2: User logs in on machine A. I make an entry in the logins table with 
the logout_date and logout_by columns empty. Now he clears his cache and clicks on any 
link on my page. CF will again provide him with a new sessionid. This puts me 
again in the same situation as scenario 1: I have a user whose logout_date is 
empty, which means his session is still on. Provide him with a button which, when 
clicked, will update the logout_date column.

So in a nutshell this is the trick that I used. This way I hit the DB only once, 
during login; if there are any invalid or dead sessions, put them in application 
scope so that we can deal with them later.


Notes: sessionid is a combination of CFID and CFTOKEN
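
The Application.cfc side of the approach described in the message above, as an added example that is not part of the original thread. It assumes a datasource named "appDsn", a sessionid column in the logins table, the logout_by values shown, and the helper names markDead() and closeLoginRow(); it uses a struct keyed by sessionid in place of dead_session_array so that entries can be looked up directly and removed when the old session finally expires.

```cfml
// Application.cfc, CF9 script syntax. Added example, not the poster's code.
// Assumed: datasource "appDsn", logins.sessionid column, logout_by values.
component {
    this.name = "singleLoginDemo";
    this.sessionManagement = true;

    public boolean function onApplicationStart() {
        // Keyed by sessionid: direct lookup, and entries can be removed again.
        application.deadSessions = structNew();
        return true;
    }

    // Machine B, after the user confirms "logout old session and continue".
    // Shown here to keep one file; it belongs in the CFC that handles login.
    public void function markDead(required string oldSessionId) {
        closeLoginRow(arguments.oldSessionId, "forced");
        lock name="deadSessions" type="exclusive" timeout="5" {
            application.deadSessions[arguments.oldSessionId] = now();
        }
    }

    public boolean function onRequestStart(required string targetPage) {
        var killed = false;
        lock name="deadSessions" type="readonly" timeout="5" {
            killed = structKeyExists(application.deadSessions, session.sessionid);
        }
        // Machine A: a missing userObj is what this app treats as logged out.
        if (killed) { structDelete(session, "userObj"); }
        return true;
    }

    public void function onSessionEnd(sessionScope, applicationScope) {
        // Only the two argument scopes exist here. The IS NULL guard in
        // closeLoginRow keeps a forced logout from being overwritten.
        closeLoginRow(arguments.sessionScope.sessionid, "session_end");
        lock name="deadSessions" type="exclusive" timeout="5" {
            structDelete(arguments.applicationScope.deadSessions, arguments.sessionScope.sessionid);
        }
    }

    private void function closeLoginRow(required string sid, required string closedBy) {
        var q = new Query(datasource="appDsn");
        q.setSQL("UPDATE logins SET logout_date = :ts, logout_by = :closedBy "
               & "WHERE sessionid = :sid AND logout_date IS NULL");
        q.addParam(name="ts", value=now(), cfsqltype="cf_sql_timestamp");
        q.addParam(name="closedBy", value=arguments.closedBy, cfsqltype="cf_sql_varchar");
        q.addParam(name="sid", value=arguments.sid, cfsqltype="cf_sql_varchar");
        q.execute();
    }
}
```

Because the list lives in application scope, it is emptied on an application restart, while the logins table still records the forced logout.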















